(54) IP router device having a TCP termination function and a medium thereof



(57) When a plurality of IP packets to be relayed, which form a TCP connection, pass through a router device, converting units (12a, 12b) rewrite part of IP address information and port number information within the packets according to a predetermined rule in cooperation with a TCP connection management database (15). A stream linking unit (14) extracts the information indicating the original connection destination of a TCP connection from the packets, and links two TCP connections with streams. The converting units (12a, 12b) rewrite part of the IP address information and the port number information within a plurality of packets to form a TCP connection with an original connection destination according to a predetermined rule in cooperation with the management database (15).
Description

[0001] Conventionally, the Internet was configured by wired networks typified by Ethernet. In recent years, however, networks configuring the Internet have been diversified, and an IP network using a cellular phone, a PHS, a wireless packet device, etc. has been widely used. To effectively use a given bandwidth in the Internet including wireless networks, an IP router is required with which an efficient transmission rate can be obtained in a connection between hosts in the case where networks having different natures such as wired and wireless are linked.
[0002] The present invention relates to an IP router 
device having a function for linking different networks 
and for terminating a TCP connection relaying IP pack- 
ets between networks in a computer network based on 
the Internet Protocol (IP). 

[0003] In a wired network, an IP packet loss or delay 
occurs mainly due to a congestion within an IP router 
which links networks. In the meantime, in a wireless net- 
work, data that is modulated into radio waves in the 
physical layer is not properly transmitted by being influ- 
enced by a state change caused by radio wave attenu- 
ation, interference, blocking by an object, etc. so that an 
IP packet loss or delay occurs. 

[0004] Currently, the protocol called TCP (Transmis- 
sion Control Protocol) is used as a standard for making 
a reliable data transmission in the Internet. 
[0005] However, as to TCP, it is known that a conges- 
tion occurring within a wired network is recognized as a 
main cause of a packet loss/delay, and an efficient trans- 
mission rate cannot be obtained in a wireless network 
unless the parameters and algorithms for controlling 
TCP are optimized for a wireless network. 
[0006] Considered as a solution to the above de- 
scribed problem is an application gateway which uses 
control parameters and algorithms, which are respec- 
tively suitable for TCP connections, by once terminating 
TCP connections in the TCP layer and by establishing 
respective TCP connections for networks of different na- 
tures, and provides an efficient transmission rate. 
[0007] Configuration of a conventional IP router de- 
vice and that of a conventional TCP terminating device 
are respectively shown in Figs. 1 and 2. The IP router 
device shown in Fig. 1 comprises network drivers 11a 
and 11b, IP stacks 12a and 12b, and an IP forwarding 
16. The IP router passes IP packets between networks 
as shown in Fig. 1. The header configuration of an IP 
packet, that of a TCP packet, and that of an ICMP packet 
are respectively shown in Figs. 3, 4, and 5. 
[0008] In the header of the IP packet, src-IP (SOURCE IP ADDRESS) indicating the IP address of a transmission source, and dst-IP (DESTINATION IP ADDRESS) indicating the IP address of a connection destination are described as shown in Fig. 3. In the header of the TCP packet, src-port number (SOURCE PORT) indicating the port number of a transmission source, and dst-port number (DESTINATION PORT) indicating the port number of a connection destination are described as shown in Fig. 4. In the header of the ICMP packet, TYPE (type) and an IP header and first 64 bits of a datagram are described.

[0009] The flow of the process for inputting an IP packet, which is performed by the IP stacks 12a and 12b of the above described conventional IP router device, is shown in Fig. 6, whereas the flow of the process for outputting an IP packet, which is performed by the IP stacks 12a and 12b of the IP router device, is shown in Fig. 7. In the input process, the IP stack determines whether or not the dst-IP address of an IP packet is addressed to its local host as shown in Fig. 6. If the IP stack determines that the IP packet is addressed to the local host, it passes the packet to a TCP/UDP stack of its local host. If the IP stack determines that the IP packet is not addressed to the local host, it passes the packet to the output process via the IP forwarding.
[0010] Additionally, in the output process, the IP stack searches a routing table with the dst-IP address or its subnetwork, and passes the IP packet to a network driver according to the routing table, as shown in Fig. 7.
[0011] Since the IP router device only passes an IP packet between networks as described above, fundamentally, an end host is unconscious of the existence of the router. It is possible to make an IP packet uniquely reach between arbitrary hosts via this router device, and there is no change in the information of the src-IP address and the dst-IP address within the header of the IP packet. Additionally, even if a change occurs in the configuration of a router or the number of routers on an end-to-end path, there is no influence.
[0012] Namely, one of the features of the Internet is 
that each host has a globally unique IP address, a com- 
munication can be made from the host to an arbitrary 
host, and a communication can be made from the arbi- 
trary host to the corresponding host. This feature is 
called "end-to-end global connectivity guarantee". 
[0013] In the meantime, the conventional TCP termi- 
nating device (application gateway) is composed of net- 
work drivers 11a and 11b, IP stacks 12a and 12b, TCP 
stacks 13a and 13b, a stream transferring unit 14, and 
a database 20 for holding connection information. 
[0014] The flowchart of the stream transfer function of the conventional TCP terminating device (application gateway) is shown in Fig. 8. As shown in this figure, the stream transfer function waits for the link of a TCP connection as a server socket (step S1), and establishes a TCP connection with a client (step S2). Then, the stream transfer function obtains the IP address and the port number of the connection destination from the data within a stream (step S3), and establishes a TCP connection at the connection destination as a client socket (step S4).

[0015] Then, the stream transfer function determines whether or not the stream continues (step S5). If the stream does not continue, the process is terminated. If the stream continues, the stream transfer function reads data the amount of which is equal to or smaller than a predetermined amount from the stream from the client (step S6), and writes the data to the stream to the server (step S7).

[0016] The above described TCP terminating device 
(application gateway) has a problem such that the global 
connectivity guarantee cannot be made for the following 
reasons. 

(a) Many protocol-dependent application gateways make TCP termination only for a particular protocol. Therefore, an IP packet or a TCP stream does not flow with an unsupported application.

(b) Since a gateway that does not store end-to-end information makes TCP termination, the host of the gateway is misidentified as an end host as opposed to a partner end host. Namely, the end hosts cannot identify their counterparts mutually.

[0017] One of the important things to implement the TCP terminating device (application gateway) is that the information of a connection destination must be notified from a client host by some means or another.
[0018] As a specific example, http handling web data supports a communication via an application gateway referred to as a proxy. With http, the information of the IP address or the port number of a connection destination can be written.

[0019] However, since such a method is not supported by all of application protocols, it can be said that service scalability is significantly low.
[0020] In the meantime, there is a method using soft- 
ware (middleware) for a client host, which operates in 
coordination with an application gateway. 
[0021] This software is intended to direct all TCP con- 
nections toward an application gateway, and, therefore, 
its service scalability is significantly improved in com- 
parison with a normal proxy. 

[0022] However, this software cannot cope with a protocol to be described below, according to which a connection is established in two stages, and a second connection is established in a reverse direction of a first connection.

[0023] Taken as a specific example is the use of a data 
transfer application ftp by an application gateway. 
[0024] First of all, it is possible to establish a control 
session from a client to a server. However, attempts are 
unsuccessfully made to establish a data session, which 
makes a data transfer, from the server to the client. The 
reason why the first control session is established is that 
a stream flows in the direction from the client to the serv- 
er. 

[0025] However, the end host viewed from the server 
of the control session is a gateway. Although the server 
attempts to establish the data session toward the gate- 
way, it fails in the attempts to establish the data session. 
This is because the gateway is not passive-open. 
[0026] As far as ftp is concerned, this problem can be avoided by using the passive mode of the client software. However, other protocols that establish a connection in two stages exist, and service scalability is still problematic if a possible future increase in such protocols is considered.

[0027] As described above, reachability of an IP packet or a stream has a problem in an end-to-end connection on which a conventional TCP terminating device is arranged, and the end-to-end connectivity guarantee cannot be made.

[0028] A summary of one of the problems of the conventional TCP terminating device, that is, non-storage of end-to-end information, is shown in Figs. 10A and 10B.

[0029] As shown in Fig. 10A, no change occurs in the information of the IP address and the port number within the IP packet header even if the packet passes through a normal IP router.
[0030] However, if an IP packet passes through the conventional TCP terminating device (actually, after the IP packet is once reconfigured into a stream, it is reassembled to a packet), the IP address and the port number of the IP packet are replaced with the IP address and the port number of a gateway as a new end host, as shown in Fig. 10B.

[0031] Currently, many application gateways and NAT routers which perform the conversion between a private address and a global address provide, in order to avoid such a problem, the mechanism for respectively coping with each application protocol and for transmitting a TCP or a UDP packet from a server to an original client.
[0032] However, also with other application protocols, not a few cases exist in which the IP address of a client is obtained from the first session, and a TCP connection is established from a server to the client or a UDP packet is transmitted based on the obtained information. Furthermore, because the above described mechanism has a problem such that some measures must be taken each time a new application or protocol appears, it can be said that this mechanism lacks service scalability.
[0033] The present invention was developed in the 
above described art, and aims at implementing an IP 
router device having a function for terminating a TCP 
connection which can provide global connectivity as a 
feature of the Internet while adopting the mechanism for 
terminating a TCP connection in order to make an effi- 
cient transmission in a TCP connection. 
[0034] A router device according to the present invention is a router device having a function for linking a plurality of different IP networks and terminating a TCP connection. This router device comprises: a first converting unit rewriting part of the IP address information and the port number information within a plurality of IP packets (possibly according to a predetermined rule) when the plurality of IP packets to be relayed, which form a TCP connection, pass through the router device; a unit extracting information indicating an original connection destination of the TCP connection, generating a TCP connection from the router to the connection destination, and linking the two TCP connections with streams; and a second converting unit rewriting part of the IP address information and the port number information within the plurality of IP packets forming the TCP connection (possibly according to a predetermined rule) for a TCP connection from the router to the connection destination; wherein the first and the second converting units handle the above described two TCP connections as a pair, assign a unique identification number to the TCP connection pair, and manage the two TCP connections according to the unique identification number stored in the database.

[0035] An IP router device guaranteeing the global connectivity which is important as a feature of the Internet while adopting the mechanism for terminating a TCP connection may thus be realised to make an efficient transmission in the TCP connection straddling networks of different natures.

Brief Description of the Drawings 

[0036] 

Fig. 1 shows the configuration of a conventional IP router device;
Fig. 2 shows the configuration of a conventional TCP terminating device;
Fig. 3 shows the header configuration of an IP packet;
Fig. 4 shows the header configuration of a TCP packet;
Fig. 5 shows the header configuration of an ICMP packet;
Fig. 6 shows the flow of an IP packet input process performed by the conventional IP router device;
Fig. 7 shows the flow of an IP packet output process performed by the conventional IP router device;
Fig. 8 is a flowchart showing a stream transfer function of the conventional TCP terminating device;
Fig. 9 explains the outline of the present invention;
Figs. 10A through 10C explain the information change of an IP packet after passing through a router and global connectivity;
Fig. 11 exemplifies the configuration of a device to which the present invention is applied;
Fig. 12 shows the configuration of a router device according to a preferred embodiment of the present invention;
Fig. 13 explains conversion rules for information within an IP packet in the router device according to the preferred embodiment of the present invention;
Fig. 14 shows an input process of an IP stack according to the preferred embodiment of the present invention;
Fig. 15 shows an output process of the IP stack according to the preferred embodiment of the present invention;
Fig. 16 shows the flow of an entry deletion process in a management database according to the preferred embodiment of the present invention;
Fig. 17 shows the process flow of a converting function 1 according to the preferred embodiment of the present invention;
Fig. 18 shows the process flow of a converting function 2 according to the preferred embodiment of the present invention;
Fig. 19 shows the process flow of a converting function 3 according to the preferred embodiment of the present invention;
Fig. 20 shows the process flow of a converting function 4 according to the preferred embodiment of the present invention;
Fig. 21 shows the process flow of a stream transfer function according to the preferred embodiment of the present invention;
Fig. 22 explains IP packet generation and payload information reversing; and
Fig. 23 shows the flow of an ICMP packet conversion process according to the preferred embodiment of the present invention.

Description of the Preferred Embodiments 

[0037] Fig. 9 explains the outline of the present invention. In this figure, 11a and 11b indicate network drivers, 12a and 12b indicate IP stacks, 13a and 13b indicate TCP stacks, 14 indicates a stream transferring unit, 15 indicates a TCP connection management database, and 16 indicates an IP forwarding.
[0038] Configuration of the fundamental portion of an IP router device according to the present invention is similar to that of a conventional application gateway. However, according to the present invention, the following points are added and modified in contrast to the conventional application gateway shown in Fig. 2.

(a) The point that units converting the information within a TCP/IP packet header (converting functions 1 through 4 shown in Fig. 9) in the IP stacks 12a and 12b, and a database for these functions (a TCP connection management database 15 shown in Fig. 9) are arranged.

(b) The point that a function for extracting the IP address and the port number of a TCP connection destination is arranged in the stream transferring unit 14.

[0039] The TCP/IP packet header information converting functions 1 through 4 exist respectively as the processes for input and output packets. These functions operate individually for the network drivers (network interfaces) 11a and 11b. Note that, however, the converting functions 1 through 4 cooperate with one another via the shared TCP connection management database 15, so that the processes are performed according to a unique conversion rule for one TCP connection.
[0040] The stream transferring unit 14 has the function for extracting the address and the port number of a TCP connection destination based on the information of a TCP connection with a client, unlike the conventional application gateway.

[0041] As shown in Fig. 9, the present invention overcomes the above described problems as follows.

(1) A router device that has a function for terminating a TCP connection and links a plurality of different IP networks is made to comprise: first converting units (conversion functions 1 and 2 shown in Fig. 9) rewriting part of the IP address information and the port number information within a plurality of IP packets according to a predetermined rule when the plurality of IP packets to be relayed, which form a TCP connection, pass through the router device; a stream transfer 14 in Fig. 9 extracting the information indicating an original connection destination of the TCP connection, generating a TCP connection from the router to the connection destination, and linking the two TCP connections with a stream; and second converting units (conversion functions 3 and 4) rewriting part of the IP address information and the port number information within a plurality of IP packets forming the TCP connection to the original connection destination, wherein the first and the second converting units handle the above described two TCP connections as a pair, store information needed for rewriting, which is related with an identification number (entry or item of Fig. 13), by assigning a unique identification number to the pair, and manage the two TCP connections with the unique identification number stored in the database 15.

(2) In the above described (1), the first and the second converting units generate, delete, or update the information of IP addresses or TCP port numbers obtained from the database using an identification number as a retrieval key, stored in the database upon receiving the TCP connection termination notification from the TCP stack.

(3) In the above described (1) and (2), the first and the second converting units do not rewrite the information within IP packets other than a TCP packet, and route the packets to a predetermined network.

(4) In the above described (1), (2), and (3), the first and the second converting units do not rewrite the information within IP packets of a new TCP connection which exceeds a predetermined number of connections, and route the packets to a predetermined network.

(5) In the above described (1) through (4), the first and the second converting units rewrite the IP address information and the port number information, and part of the TCP/IP header information included in packet data for an ICMP packet which has header information of a predetermined type therein.

[0042] The router device may be configured in a way 
such that the above described first and second convert- 
ing units and the unit linking connections with a stream 
assign one identification number to a TCP connection 
pair, and manage a plurality of TCP connection pairs. 
As a result, a plurality of TCP connections can be sup- 
ported. 

[0043] Packet information before and after a conventional IP router device, an IP router device according to the present invention, and a conventional application gateway are shown in Figs. 10A through 10C.
[0044] Fig. 10A shows the information of the IP ad- 
dress and the port number within a packet header before 
and after the packet passes through the above de- 
scribed conventional IP router. This figure illustrates the 
characteristic such that no change occurs in the address 
and the port number information even if the packet pass- 
es through the router. This means the above described 
global connectivity guarantee. 

[0045] Fig. 10B shows the information of an IP ad- 
dress and a port number within a packet header before 
and after the packet passes through the above de- 
scribed conventional application gateway. Here, the in- 
formation within the packet header is proved to change 
at the application gateway as a boundary. Accordingly, 
the global connectivity cannot be guaranteed. 
[0046] According to the present invention, no change 
occurs in the information of an IP address and a port 
number within a packet header although a TCP connec- 
tion is terminated. Accordingly, both of end hosts can 
implement a TCP connection in exactly the same man- 
ner as in the conventional IP router. Consequently, the 
global connectivity is guaranteed. 
[0047] Fig. 11 exemplifies the configuration where the 
present invention is implemented as a device. 
[0048] Normally, software for implementing the functions of the present invention is stored in a main storage device 102 or an auxiliary storage device 103 in a general-purpose computer, and the processes according to the present invention are executed by a CPU 101. The device shown in Fig. 11 comprises two or more network interfaces 104, to which different networks are linked. As a network interface, not only Ethernet but also PPP on a serial line, etc. are available.
[0049] The configuration of an IP router device according to a preferred embodiment of the present invention is shown in Fig. 12.

[0050] The IP router device according to this preferred 
embodiment is mainly composed of two converting units 
converting the information within a packet header by 
managing the information of a TCP connection within 
an IP stack, and a unit linking two TCP connections on 
a stream level in the application layer. 
[0051] In Fig. 12, host 2 and host 3 indicate hosts. Here, as shown in this figure, it is assumed that the IP address of a host 2 is a1, the (dynamically assigned) client port number of an application is p1, the IP address of a host 3 is a4, and the server port number (fixed value for each application server) of an application server is p4.
[0052] Router device 1 indicates the IP router device 
according to this preferred embodiment. As shown in 
Fig. 12, it is assumed that the IP addresses of the IP 
router are a2 and a3, the server port number (fixed val- 
ue) of the stream transfer software is p2, and the (dy- 
namically assigned) client port number of the stream 
transfer software is p3. 

[0053] The IP router device 1 comprises network drivers 11a and 11b, IP stacks 12a and 12b, TCP stacks 13a and 13b, and a stream transferring unit 14 for linking two TCP connections with streams. The stream transferring unit 14 has a function for extracting the IP address of the original connection destination of a TCP connection.

[0054] 15 indicates a database for managing TCP connections. The IP stacks 12a and 12b convert a packet header in cooperation with the database 15. The IP forwarding 16 routes an IP packet, which is not regarded as a conversion target by the IP stack, in a similar manner as in the conventional router device shown in Fig. 1, as will be described later.

[0055] Fig. 13 shows the functions for converting a 
packet header within the IP stack and their rules, and 
the cooperation between the TCP connection manage- 
ment database and the conversion functions. 
[0056] In this figure, "a1" within "src a1, p1" indicates the IP address (src-IP) of a transmission source and "p1" indicates the port number (src-port number) of the transmission source, whereas "a4" within "dst a4, p4" indicates the IP address (dst-IP) of a connection destination and "p4" indicates the port number (dst-port number) of the connection destination. This figure also illustrates that "src a1, p1" and "dst a4, p4" are converted from "previous" to "new" respectively with the conversion functions 1 through 4. Furthermore, "p2" indicates the server port number (fixed value) of the stream transfer software as described above, and "pN" indicates the identification number of a TCP connection, which is uniquely assigned to each connection.
[0057] The conversion rules shown in Fig. 13 indicate that no change occurs in the packet information (the IP address and the port number within a header) explained by referencing Fig. 10 when the router is externally viewed, and also indicate that the stream transfer function can handle two terminated TCP connections when the router is viewed from its application layer. A series of the conversion functions is composed of the following processes.

(1) A process for an IP packet flowing from the network drivers 11a and 11b to the IP stacks 12a and 12b (the flow shown in Fig. 14)

(2) A process for an IP packet flowing from the IP stacks 12a and 12b to the network drivers 11a and 11b (the flow shown in Fig. 15)

(3) An entry deletion process of the TCP connection management database 15 (abbreviated to a management database hereinafter) (the flow shown in Fig. 16)

[0058] In the IP packet processes in the above described (1) and (2), the IP stacks 12a and 12b convert the IP address and the port number within the header of an IP packet with the conversion functions 1 through 4 shown in Fig. 13 (the flows shown in Figs. 17 through 20).

[0059] It should be noted that the IP and the TCP stacks within the router are respectively separated into two for the sake of convenience in Fig. 12. However, according to this preferred embodiment, the IP and the TCP stacks are shared even if a plurality of interfaces exist. Accordingly, the above described packet process (1) includes the conversion functions 1 and 4. Similarly, the above described packet process (2) includes the conversion functions 2 and 3.

[0060] As shown in Fig. 6, the conventional IP router judges the process for a flowing-in IP packet by determining whether or not the dst-IP address is the local host (router itself), and outputs an IP packet the dst-IP address of which is not the local host to a network via the IP forwarding (IP routing).

[0061] According to this preferred embodiment, TCP termination is made instead of this IP routing. If an IP packet the dst-IP address of which is not the local host is a TCP or an ICMP packet, the packet is made to pass through the conversion function 4 or 1 (the flow of Fig. 14 to be described later). With the respective conversion functions, the IP address and the port number of a packet registered to the TCP connection management database 15 as a target are converted as shown in Fig. 13, and the packet is passed to the TCP stack 13a or 13b within the router. A packet unregistered to the management database 15 is not regarded as a conversion target.

[0062] As will be described later, the conversion function 1 adds an entry to the database if an IP packet that is not regarded as a conversion target has an SYN flag (communication establishment request flag) of TCP, and if attempts are made to establish a new TCP connection. The conversion function 1 must be executed after the conversion function 4 in order to implement this new entry addition function.

[0063] The IP packet that is not regarded as a conversion target finally, that is, a UDP packet or a TCP packet which does not comply with some restriction or another (a connection number restriction to be described later, etc.) is routed via the IP forwarding 16, similar to the conventional IP router.

[0064] With the process for a flowing-out IP packet, the conventional IP router searches a routing table for a network with a dst-IP address as shown in Fig. 7, and outputs the packet to the searched network.
[0065] According to this preferred embodiment, a packet other than a packet that is transmitted via the IP forwarding 16, that is, an IP packet passed from the application layer to the TCP/ICMP layer as a target is passed to the conversion function 2 or 3, which converts its IP address and port number as shown in Fig. 15. The packet is processed in a similar manner as in the conventional router after being converted, and output to the network.

[0066] The TCP connection management database 15 manages a TCP connection from its generation to its termination, and assigns a unique identification number (pN shown in Fig. 13) to each connection.

[0067] An entry managed by the management database 15 is composed of 5 items A through E as shown in Fig. 13. Each entry is newly generated at the same time a new TCP connection is detected by the conversion function 1, and assigned the items A through D.
[0068] With the conversion function 3, the item E is 
assigned as shown in Fig. 13. In this way, the conversion 
functions 1 through 4 can rewrite the IP address and the 
port number within a packet header in correspondence 
with a database entry. 

[0069] An entry in the management database 15 is deleted by the TCP stack in synchronization with the closing of a TCP connection as shown in the flow of Fig. 16 to be described later. Namely, when a TCP connection is closed, the TCP stack calls a connection termination process routine within the management database 15 with the identification number of the TCP connection. This process routine searches a corresponding entry with the identification number, and deletes the entry from the database.

[0070] An entry for managing a connection within the management database 15 is newly generated when SYN (communication establishment request) of a TCP packet reaches, and deleted when being called from the closing process of the TCP stack as described above. This eliminates the need for tracking an entire TCP sequence for the existence of a connection [SYN (communication establishment request), FIN (termination request), and RST (forcible termination)] as in the operations of the TCP stack, thereby greatly simplifying the connection management process.
[0071] The stream transferring unit 14 makes a 
stream transfer as shown in the flow of Fig. 21 to be 
described later. 

[0072] The difference between the typical stream transfer function for use in the conventional application gateway shown in Fig. 8 and the stream transfer function according to this preferred embodiment lies in the method of obtaining the IP address and the port number of a server to be connected.

[0073] With the conventional application gateway, the information of the IP address and the port number is normally presented within a stream from a client. By way of example, for an http proxy, which is one type of application gateway, host information for obtaining an IP address "www.nic.ad.jp" and a port number "80" is written in its stream as follows.

[0074] GET / HTTP/1.0 (at the time of an end-to-end communication)

[0075] GET http://www.nic.ad.jp:80/ HTTP/1.0 (when the proxy is used)

[0076] In contrast, according to this preferred embodiment, the information of an original connection destination ("dst a4" in Fig. 13) remains within an IP packet after the conversion function 1 as shown in Fig. 13. Therefore, the stream transfer function can obtain the IP address of the server to be connected by using a function for obtaining the connection destination information of a socket.

[0077] Since the port number is rewritten to the server port ("p2" in Fig. 13) of the server socket of the stream transfer function by the conversion function 1, the original value cannot be obtained from the destination information of a socket with the stream transfer function. However, the identification number (pN in Fig. 13) of a TCP connection is set in the src-port number of the socket by the conversion function 1 as shown in Fig. 13. Therefore, this is used as the port number of the TCP connection to the server.

[0078] The information of the port number is rewritten to the port number ("p4" in Fig. 13) of the server being the original connection destination when a TCP packet passes through the conversion function 3, as shown in Fig. 13. With the conversion function 3, not only the dst-port number but also the src-IP address and the src-port number are rewritten. Therefore, even if the stream transfer function uses a client socket that is assigned a dynamic port number, the original IP address and the port number which are assigned by the original client can be viewed from the server in which the client is to be accommodated.

[0079] The above described process is explained by referencing the flowcharts shown in Figs. 14 through 21.

[0080] Fig. 14 shows the IP packet input process performed by the IP stack in the above described (1).

[0081] When an IP packet flows from the network driver to the IP stack, the IP stack determines whether or not the dst-IP address is its local host (step S1). If the dst-IP address is its local host, the IP stack passes the packet to the TCP/IP stack of the local host (step S2). Here, the process is terminated. If the dst-IP address is not the local host, the IP stack determines whether the packet is either a TCP or an ICMP packet (step S3). If the packet is neither a TCP nor an ICMP packet, the IP stack passes the packet to the IP packet output process via the IP forwarding 16.

[0082] If the IP packet is either a TCP or an ICMP packet, the process proceeds to step S5 where the IP address and the port number within the TCP/IP packet are converted with the conversion function 4 (the flow of Fig. 20 to be described later), for example, as shown in the conversion function 4 of Fig. 13. Then, it is determined whether or not the IP address and the port number are converted (step S6). If it is determined that the IP address and the port number are converted, the packet is passed to the TCP/IP stack of the local host (step S2). Here, the process is terminated.

[0083] If it is determined that the IP address and the port number are not converted, the IP address and the port number within the TCP/IP packet are converted with the conversion function 1 (the flow of Fig. 17), for example, as shown in the conversion function 1 of Fig. 13. Then, it is determined whether or not the IP address and the port number are converted (step S8). If the IP address and the port number are not converted, the packet is passed to the IP packet output process via the IP forwarding 16 (step S4). If the IP address and the port number are converted, the packet is passed to the TCP/IP stack of the local host (step S2). Here, the process is terminated.

[0084] Fig. 15 shows the IP packet output process performed by the IP stack in the above described (2).

[0085] When an IP packet flows into the IP stack, the IP stack determines whether or not the packet has arrived via the IP forwarding 16 (step S1). If the IP packet has arrived via the IP forwarding 16, the process proceeds to step S6 where the IP stack searches a routing table with the dst-IP address or its subnetwork (step S6), and passes the IP packet to the network driver according to the routing table.

[0086] If the IP packet has not arrived via the IP forwarding 16, the IP stack determines whether the packet is either a TCP or an ICMP packet (step S2). If the packet is neither a TCP nor an ICMP packet, the process proceeds to step S6 where the above described process is performed.

[0087] If the IP packet is either a TCP or an ICMP packet, the IP address and the port number within the TCP/IP packet are converted with the conversion function 2 (the flow shown in Fig. 18), for example, as shown in the conversion function 2 of Fig. 13 (step S3). Then, it is determined whether or not the IP address and the port number are converted (step S4). If the IP address and the port number are converted, the process proceeds to step S6. If the IP address and the port number are not converted with the conversion function 2, the IP address and the port number within the TCP/IP packet are converted with the conversion function 3 (the flow of Fig. 19) (step S5). The process then proceeds to step S6 where the routing table is searched with the dst-IP address or its subnetwork (step S6), and the IP packet is passed to the network driver according to the routing table.

[0088] Fig. 16 shows the entry deletion process in the management database 15 in the above described (3).

[0089] Upon termination of a connection within the TCP stack, the connection termination process within the TCP stack notifies the management database 15 that the connection is terminated (step S1). As a result, the connection termination process within the management database 15 is called. The connection termination process searches the database for a corresponding entry with the identification number (the above described "pN") of the TCP connection (step S3), and deletes the entry from the database (step S4).

[0090] In the meantime, the connection termination process within the TCP stack deletes the TCP control block (step S2).

[0091] Fig. 17 shows the process performed by the above described conversion function 1. The src-IP address, the src-port number, the dst-IP address, and the dst-port number within a TCP/IP packet flowing from the network driver into the IP stack are converted with the conversion function 1 as follows.

[0092] First of all, in step S1, entries within the management database 15 are searched, and it is determined whether or not there exists an entry for which the src-IP address within the TCP/IP packet matches the IP address of the item A (see Fig. 13) within the management database 15, the src-port number matches the port number of the item A, the dst-IP address matches the IP address of the item B, and the dst-port number matches the port number of the item B.

[0093] If the above described entry does not exist in the management database 15, the process proceeds from step S2 to step S3 where it is determined whether or not a connection to be processed complies with a restriction on the number of connections. If the connection to be processed does not comply with the restriction on the number of connections, the process is terminated. In this case, the packet is passed to the IP packet output process via the IP forwarding 16.

[0094] If the connection to be processed complies with the restriction on the number of connections, that is, once the number of connections has been checked for the generation of an entry, step S3a is conducted to check whether establishment of a TCP connection is required. If the establishment of a TCP connection is required, the process goes to step S4; otherwise the process terminates. In this way, TCP connection generation by the TCP stack is synchronized with the generation of entries for address rewriting. In step S4, a new entry is generated in the management database 15, and the src-IP address and the src-port number are registered to the item A within the above described entry (step S5). Besides, the dst-IP address and the dst-port number are registered to the item B within the entry (step S6). For example, in Fig. 13, "a1:p1" and "a4:p4" are respectively registered to the items A and B.

[0095] Additionally, duplicates of the items A and B are registered to the IP addresses of the items C and D within the entry respectively. Furthermore, the identification number of the TCP connection is registered to the port number (step S7). For example, in Fig. 13, "pN" is registered to the port numbers of the items C and D.

[0096] Then, the port number of the item C is set in the src-port number within the TCP/IP packet (step S8), and the server port number of the stream transfer software is set in the dst-port number within the TCP/IP packet (step S9). Then, the checksum of the IP packet is recalculated (step S10), and the process is terminated.

[0097] Or, if it is determined in step S2 that the entry satisfying the condition of step S1 exists, the process proceeds to step S8. The operations in steps S8 to S10 are repeated.

[0098] With the above described process, for example, in Fig. 13, "a1" and "pN" are respectively set in the src-IP address and the src-port number, whereas "a4" and "p2" are respectively set in the dst-IP address and the dst-port number, as shown in "new" of the conversion function 1 shown in Fig. 13.

[0099] Fig. 18 shows the process performed by the above described conversion function 2. The src-IP address, the src-port number, the dst-IP address, and the dst-port number within a TCP/IP packet flowing from the IP stack to the network driver are converted with the conversion function 2 as follows.

[0100] First of all, in step S1, entries in the management database 15 are searched, and it is determined whether or not there exists an entry for which the dst-IP address within the TCP/IP packet matches the IP address of the item C within the management database 15, and the dst-port number matches the port number of the item C (step S2).

[0101] If the above described entry does not exist in the management database 15, the process is terminated. If the entry exists, the process proceeds from step S2 to step S3 where the port number of the item B is set in the src-port number within the TCP/IP packet, and the port number of the item A is set in the dst-port number within the TCP/IP packet (step S4). Then, the checksum of the IP packet is recalculated (step S5), and the process is terminated.

[0102] With the above described process, for example, as shown in "new" of the conversion function 2 of Fig. 13, "a4" and "p4" are respectively set in the src-IP address and the src-port number, whereas "a1" and "p1" are respectively set in the dst-IP address and the dst-port number.

[0103] Fig. 19 shows the process performed by the above described conversion function 3. The src-IP address, the src-port number, the dst-IP address, and the dst-port number within a TCP/IP packet flowing from the IP stack to the network driver are converted with the conversion function 3 as follows.

[0104] First of all, in step S1, entries within the management database 15 are searched, and it is determined whether or not there exists an entry for which the dst-IP address within the TCP/IP packet matches the IP address in the item D within the management database 15, and the dst-port number matches the port number of the item D.

[0105] If the above described entry does not exist in the management database 15, the process is terminated. If the entry exists, the process proceeds from step S2 to step S3 where the IP address of the item A is set in the src-IP address within the TCP/IP packet (step S3). Then, the port number of the item A is set in the src-port number within the TCP/IP packet (step S4), and the port number of the item B is set in the dst-port number within the TCP/IP packet (step S5). Then, the checksum of the IP packet is recalculated (step S6).

[0106] Next, it is determined whether or not the above described entry has been registered to the item E (step S7). If the entry has not been registered, the src-IP address and the src-port number are registered to the item E of the entry (step S8), and the process is terminated.

[0107] With the above described process, for example, as shown in "new" of the conversion function 3 shown in Fig. 13, "a1" and "p1" are respectively set in the src-IP address and the src-port number, whereas "a4" and "p4" are respectively set in the dst-IP address and the dst-port number. Additionally, "a3:p3" is registered to the item E of the management database 15.

[0108] Fig. 20 shows the process performed by the above described conversion function 4. The src-IP address, the src-port number, the dst-IP address, and the dst-port number within a TCP/IP packet flowing from the network driver to the IP stack are converted with the conversion function 4 as follows.

[0109] First of all, in step S1, entries in the management database 15 are searched, and it is determined whether or not there exists an entry for which the src-IP address within the TCP/IP packet matches the IP address in the item B within the management database 15, the src-port number matches the port number of the item B, the dst-IP address matches the IP address of the item A, and the dst-port number matches the port number of the item A.

[0110] If the above described entry does not exist in the management database 15, the process is terminated. If the entry exists, the process proceeds from step S2 to step S3 where the port number of the item D is set in the src-port number within the TCP/IP packet (step S3). Then, the IP address of the item E is set in the dst-IP address within the TCP/IP packet (step S4), and the port number of the item E is set in the dst-port number within the TCP/IP packet (step S5). Then, the checksum of the IP packet is recalculated (step S6), and the process is terminated.

[0111] With the above described process, for example, as shown in "new" of the conversion function 4 in Fig. 13, "a4" and "pN" are respectively set in the src-IP address and the src-port number, whereas "a3" and "p3" are respectively set in the dst-IP address and the dst-port number.

[0112] Fig. 21 shows the process flow of the above described stream transfer function.

[0113] The stream transfer function according to this preferred embodiment is similar to the conventional stream transfer function shown in Fig. 8. As described above, the stream transfer function according to this preferred embodiment obtains the IP address of the server to be connected by using the function for obtaining the connection destination information of a socket.

[0114] Namely, as shown in the flow of Fig. 21, the stream transfer function waits for the link of a TCP connection as a server socket (step S1), and establishes the TCP connection with a client (step S2). Then, the stream transfer function obtains the dst-IP address and the src-port information from the TCP connection information between the client and the router (step S3), and establishes the TCP connection at the connection destination as a client socket (step S4).

[0115] Then, the stream transfer function determines whether or not the stream continues (step S5). If the stream does not continue, the process is terminated. If the stream continues, the stream transfer function reads data the amount of which is equal to or smaller than a predetermined amount from the stream to the client (step S6), and writes the data to the stream from the server.

[0116] The above provided explanation refers to the preferred embodiment for fundamentally implementing a single end-to-end TCP connection. However, a plurality of TCP connections can be supported by managing a plurality of entries in the database and by uniquely assigning an identification number assigned to a TCP connection to TCP connections the number of which complies with a restriction on the number of managed TCP connections.

[0117] The identification number of a TCP connection is incremented by 1 from its initial value (such as 1024, etc.). If this number exceeds the range of the number of managed TCP connections, it is reset to an initial value when reaching a predetermined number. If the identification number to be used is already in use at this time, it is further incremented by 1.

[0118] With the conventional application gateway, packet routing in the IP layer is not performed. Accordingly, dedicated processes are required for IP packets such as UDP, ICMP packets, etc. other than a TCP packet. The router device according to the present invention comprises the mechanism for passing only a TCP packet (the mechanism for transmitting an ICMP packet will be described later) to the TCP layer within the router. Therefore, the other IP packets are routed in the same way as in the conventional IP router. Accordingly, the global connectivity is guaranteed for a connection other than a TCP connection.

[0119] Additionally, the conventional application gateway requires a buffer for controlling TCP. Therefore, as the number of connections grows, the amount of memory used increases. Since this is larger than the amount of memory used by normal IP routing, an unlimited number of TCP terminations leads to much consumption of system memory. As a result, there is the disadvantage that the price of the device increases.

[0120] With the router device according to this preferred embodiment, the number of connections is managed for each src-IP address in the database, as shown in the conversion function 1 that is explained by referencing Fig. 17. When attempts are made to generate an entry for a new connection, the predetermined restriction number is compared with the number of currently managed connections. If the number of currently managed connections exceeds the restriction number, a new entry is not generated. All IP packets thereafter are forwarded in the IP layer in a manner similar to the conventional router.

[0121] This achieves the effect of preventing the system performance from being degraded or stopped with a temporary or steady increase in the number of connections. Furthermore, the memory amount or the CPU performance required to design the device can be stipulated.
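
The identification-number handling of [0117] and the per-source restriction of [0120] combine into one admission check, sketched here as an added example that is not part of the patent. The class name, the size of the managed range and the reading of the restriction as "at most N entries per src-IP" are assumptions.

```python
class ConnectionAdmission:
    """Identification-number allocation ([0117]) with a per-source limit ([0120])."""

    def __init__(self, first_id=1024, id_count=4, per_src_limit=2):
        self.first_id = first_id
        self.id_count = id_count            # size of the managed range (assumed parameter)
        self.per_src_limit = per_src_limit  # assumed reading: at most N entries per src-IP
        self.next_id = first_id
        self.in_use = {}                    # identification number -> src-IP

    def _count(self, src_ip):
        return sum(1 for ip in self.in_use.values() if ip == src_ip)

    def admit(self, src_ip):
        """Return an identification number, or None to leave the flow to IP forwarding."""
        if self._count(src_ip) >= self.per_src_limit:
            return None                     # no entry: packets are routed, not terminated
        if len(self.in_use) >= self.id_count:
            return None                     # every number in the range is taken
        while True:
            if self.next_id >= self.first_id + self.id_count:
                self.next_id = self.first_id          # reset to the initial value
            candidate, self.next_id = self.next_id, self.next_id + 1
            if candidate not in self.in_use:          # in use: step on to the next number
                self.in_use[candidate] = src_ip
                return candidate

    def release(self, conn_id):
        """Called when the TCP stack reports that the connection has closed."""
        self.in_use.pop(conn_id, None)


def demo():
    # Constructed client addresses from the documentation range.
    adm = ConnectionAdmission(first_id=1024, id_count=4, per_src_limit=2)
    ids = [adm.admit("192.0.2.10") for _ in range(3)]    # third attempt is over the limit
    ids += [adm.admit("192.0.2.11") for _ in range(2)]
    adm.release(1025)
    ids.append(adm.admit("192.0.2.10"))   # wraps past 1027, skips 1024, reuses 1025
    return ids


if __name__ == "__main__":
    print(demo())
```

Returning `None` instead of raising keeps the router failing open to plain forwarding, which is what bounds memory use under a surge of new connections.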

[0122] In this preferred embodiment, a predetermined ICMP packet is also terminated within the router device according to this preferred embodiment. Here, the predetermined ICMP packet is a packet including a TCP header in its data portion. To be more specific, ICMP header types 3 through 5, 11 and 12 are targeted as shown in Fig. 5.

[0123] Namely, the ICMP packet has a packet header shown in Fig. 5, stores an IP header and its upper layer (such as TCP layer, etc.) header in its data portion, and transmits this information. If an error occurs when a packet passes through the router device according to this preferred embodiment from a host A and reaches a different router or a host at an end point, the error is notified to a packet transmission host with an ICMP packet in some cases.

[0124] At that time, part of the IP packet that causes the error is directly inserted in the data portion of the ICMP packet. An error occurring in an IP packet configuring a TCP connection must be notified to the host which actually terminates the TCP connection (here, the router device according to this preferred embodiment).

[0125] The reason is that the information of a sequence number included in the TCP header that is inserted in the ICMP data portion is different in the two TCP connections split by the router device according to this preferred embodiment, and an information inconsistency arises due to the notification with an ICMP packet.

[0126] However, since the router device according to this preferred embodiment performs the operation for guaranteeing the global connectivity for the hosts at both ends, the host which generates an ICMP packet (or a router device) attempts to transmit the packet to the host A shown in Fig. 22.

[0127] Therefore, according to the present invention, not only a TCP connection but also a predetermined ICMP packet is terminated within the router device according to the present invention.

[0128] To terminate the ICMP packet (that is, to perform header conversion), an entry search using a connection is required similar to a normal ICMP packet. Note that, however, the proceeding direction of the ICMP packet and that of the TCP packet included in the data portion of the ICMP packet are opposite to each other as shown in Fig. 22. Therefore, a search and a conversion must be performed after the src and dst information within the IP and the TCP headers in the data portion are reversed.

[0129] This information is restored to its original order after being converted. During this conversion, the dst-IP address within the header of the IP packet included in the ICMP packet is also converted, similarly to the dst-IP address within the IP header included in the ICMP data portion after being reversed.

[0130] The process for an ICMP packet is shown in Fig. 23.

[0131] In this figure, contents of the src and the dst information of the IP and the TCP packets included in the payload (data portion) of the ICMP packet are reversed (step S1). Then, entries in the management database 15 are searched based on the information of the IP address and the port number of the IP and the TCP packets within the payload (data portion) of the ICMP packet. Then, the process of each function is conducted on the IP address and the TCP port number of the payload of the ICMP packet in step S2. In step 2a, the src-IP in the IP header accommodating the ICMP packet is also converted after the process of the function 3, as the src-IP address after reversal of the IP header included in the data part of the ICMP packet, and the dst-IP in the IP header accommodating the ICMP packet is also converted after the process of the function 4, as the dst-IP address after reversal of the IP header included in the data part of the ICMP packet.

[0132] Next, the contents of the src and the dst information of the IP and TCP packets within the payload (data portion) of the ICMP packet are reversed.
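
The conversion functions 1 through 4 (Figs. 17 to 20), the entry deletion of Fig. 16 and the ICMP handling of Fig. 23 can be traced with a small model; this is an added illustration, not code from the patent. The class and function names, the concrete addresses and ports standing in for a1:p1, a4:p4, a3:p3 and p2, and the restriction to ICMP errors entering the router (functions 4 and 1, in the order of Fig. 14) are assumptions; the connection limit and checksum recalculation are left out.

```python
from dataclasses import dataclass
from typing import NamedTuple, Optional

class Hdr(NamedTuple):
    """The four header fields the conversion functions rewrite."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

    def swapped(self):
        return Hdr(self.dst_ip, self.dst_port, self.src_ip, self.src_port)

@dataclass
class Entry:
    """One management-database entry: items A to E of Fig. 13 as (ip, port)."""
    A: tuple                    # client (a1, p1)
    B: tuple                    # original destination (a4, p4)
    C: tuple                    # (a1, pN)
    D: tuple                    # (a4, pN)
    E: Optional[tuple] = None   # router's client socket (a3, p3), set by function 3

class Router:
    def __init__(self, proxy_port, first_id=1024):
        self.proxy_port = proxy_port  # "p2", server port of the stream transfer
        self.next_id = first_id       # plain counter; wrap-around is not modelled
        self.db = {}                  # identification number pN -> Entry

    def _find(self, pred):
        return next((e for e in self.db.values() if pred(e)), None)

    def f1(self, h, syn=False):
        """Fig. 17, client to router: divert the packet to the stream transfer."""
        src, dst = (h.src_ip, h.src_port), (h.dst_ip, h.dst_port)
        e = self._find(lambda e: e.A == src and e.B == dst)
        if e is None:
            if not syn:               # step S3a: only a SYN creates an entry
                return None
            pn, self.next_id = self.next_id, self.next_id + 1
            e = self.db[pn] = Entry(src, dst, (h.src_ip, pn), (h.dst_ip, pn))
        return Hdr(h.src_ip, e.C[1], h.dst_ip, self.proxy_port)

    def f2(self, h):
        """Fig. 18, router to client: restore the ports the client expects."""
        e = self._find(lambda e: e.C == (h.dst_ip, h.dst_port))
        return None if e is None else Hdr(h.src_ip, e.B[1], h.dst_ip, e.A[1])

    def f3(self, h):
        """Fig. 19, router to server: present the client's own address."""
        e = self._find(lambda e: e.D == (h.dst_ip, h.dst_port))
        if e is None:
            return None
        e.E = e.E or (h.src_ip, h.src_port)   # steps S7-S8: item E is the pre-rewrite src
        return Hdr(e.A[0], e.A[1], h.dst_ip, e.B[1])

    def f4(self, h):
        """Fig. 20, server to router: steer the reply to the router's socket."""
        src, dst = (h.src_ip, h.src_port), (h.dst_ip, h.dst_port)
        e = self._find(lambda e: e.B == src and e.A == dst)
        if e is None or e.E is None:  # the E check is a guard added in this model
            return None
        return Hdr(h.src_ip, e.D[1], e.E[0], e.E[1])

    def close(self, pn):
        """Fig. 16: the TCP stack reports the close and the entry is deleted."""
        self.db.pop(pn, None)

    def icmp_inbound(self, outer_dst, quoted):
        """Fig. 23: returns (outer dst-IP, quoted header), or None if no entry matches."""
        rev = quoted.swapped()            # step S1: reverse src and dst
        new = self.f4(rev)                # step S2: search and convert
        if new is not None:
            outer_dst = new.dst_ip        # step 2a: outer dst-IP follows function 4
        else:
            new = self.f1(rev)
        return None if new is None else (outer_dst, new.swapped())

# Constructed sample values standing in for the symbols of Fig. 13.
A1, P1, A4, P4 = "192.0.2.10", 40000, "198.51.100.80", 80   # client a1:p1, server a4:p4
A3, P3, P2 = "203.0.113.1", 50000, 8080   # router socket a3:p3, stream transfer port p2

def walkthrough():
    r = Router(proxy_port=P2)
    diverted = r.f1(Hdr(A1, P1, A4, P4), syn=True)    # client SYN
    pn = diverted.src_port
    to_client = r.f2(Hdr(A4, P2, A1, pn))             # reply from the server socket
    to_server = r.f3(Hdr(A3, P3, A4, pn))             # stream transfer connects to a4:pN
    from_server = r.f4(Hdr(A4, P4, A1, P1))
    icmp = r.icmp_inbound(A1, Hdr(A1, P1, A4, P4))    # error quoting the a1 -> a4 packet
    return diverted, to_client, to_server, from_server, icmp

if __name__ == "__main__":
    for result in walkthrough():
        print(result)
```

The four headers returned by `walkthrough()` correspond to the "new" values given for Fig. 13 in [0098], [0102], [0107] and [0111]; the rewritten ICMP payload quotes a3:p3 to a4:pN, the packet the router's own TCP stack actually sent.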
[0133] As described above, according to the present invention, an IP router device that guarantees global connectivity which is important as one nature of the Internet while adopting a TCP termination mechanism in order to make an efficient transmission in a TCP connection straddling networks of different natures.


Claims 

1. An IP router device, which has a function for terminating a TCP connection and for connecting a plurality of different IP networks, comprising:

first converting means (12a) for rewriting part of IP address information and port number information within a plurality of IP packets when the plurality of IP packets to be relayed, which form a TCP connection, pass through the router device;

means (14) for extracting information indicating an original connection destination of the TCP connection, generating a TCP connection from the router to the connection destination, and linking the two TCP connections with streams; and

second converting means (12b) for rewriting part of IP address information and port number information within a plurality of IP packets forming a TCP connection for the TCP connection to the original connection destination, wherein said first and said second converting means handle the two TCP connections as a pair, store information needed for rewriting, which is related with an identification number, in a database by assigning a unique identification number to the pair, and manage the two TCP connections with the unique identification number stored in the database.

2. The IP router device according to claim 1, wherein

said first and said second converting means (12a, 12b) generate, delete, or update information of IP address or TCP port number stored in the database upon receipt of TCP connection termination notification from a TCP stack.

3. The router device according to claim 1 or 2, wherein

said first and said second converting means (12a, 12b) route an IP packet other than a TCP packet to a predetermined network without rewriting information within the IP packet.

4. The IP router device according to claim 1, 2 or 3, wherein

said first and said second converting means (12a, 12b) route an IP packet of a new TCP connection, which exceeds a predetermined number of connections, to a predetermined network without rewriting information within the IP packet.

5. The IP router device according to claim 1, 2, 3 or 4, wherein

said first and said second converting means (12a, 12b) rewrite IP address information and port number information of an ICMP packet, and part of TCP/IP header information included in TCP/IP header information included in packet data for the ICMP packet having a predetermined type as header information within the packet.

6. A storage medium on which is recorded a program for causing an information processing device to execute a process for terminating a TCP connection and for linking a plurality of different IP networks, the process comprising:

rewriting part of IP address information and port number information within a plurality of IP packets when the plurality of IP packets to be relayed, which form a TCP connection, pass through a router device;

extracting information indicating an original connection destination of the TCP connection, generating a TCP connection from the router to the connection destination, and linking the two TCP connections with streams; and

rewriting part of IP address information and port number information within a plurality of IP packets forming a TCP connection for the TCP connection to the original connection destination; and

handling the two TCP connections as a pair, storing information needed for rewriting, which is related with an identification number, in a database by assigning a unique identification number to the pair, and managing the two TCP connections with the unique identification number stored in the database.